VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 5, 2021· Updated Aug 4, 2024

CVE-2020-27842

CVE-2020-27842

Description

OpenJPEG before version 2.4.0 has a null pointer dereference in the t2 encoder when processing crafted input, causing a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

OpenJPEG before version 2.4.0 has a null pointer dereference in the t2 encoder when processing crafted input, causing a denial of service.

Vulnerability

A null pointer deference flaw exists in the opj_tgt_reset() function within lib/openjp2/tgt.c of OpenJPEG, affecting versions prior to 2.4.0 [1]. The vulnerability occurs in the t2 encoder component and can be triggered by providing a specially crafted JPEG 2000 file to the library [1][3]. When the crafted input is processed, a null pointer is dereferenced, leading to a crash.

Exploitation

An attacker must supply a maliciously crafted JPEG 2000 file to an application using the vulnerable OpenJPEG library. No special network position or authentication is required beyond the ability to deliver the input file. The exploitation path involves the crafted file causing an out-of-bounds read situation that culminates in a null pointer dereference within opj_tgt_reset() [1].

Impact

Successful exploitation results in a null pointer dereference, causing the application to crash. The impact is primarily on application availability (denial of service). No code execution or information disclosure is indicated by the available references [1][3].

Mitigation

The vulnerability is fixed in OpenJPEG version 2.4.0, released after the commit at https://github.com/uclouvain/openjpeg/pull/1296/commits/fbd30b064f8f9607d500437b6fedc41431fd6cdc [1]. Gentoo GLSA 202101-29 recommends upgrading to >=media-libs/openjpeg-2.4.0:2 [3]. Fedora and EPEL packages were tracked for updates [1]. No workarounds are available; upgrading to the fixed version is required.

References
  1. null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c
  2. Multiple vulnerabilities (GLSA 202101-29) — Gentoo security

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

50

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Out-of-bounds read in opj_tgt_reset function leads to null pointer dereference."

Attack vector

An attacker provides a specially crafted image file to be processed by OpenJPEG's t2 encoder. The crafted input causes an out-of-bounds read in the `opj_tgt_reset` function, which results in a null pointer dereference [ref_id=1]. No authentication or special network access is required beyond delivering the malicious file to the application.

Affected code

The flaw resides in the `opj_tgt_reset` function in `lib/openjp2/tgt.c` of OpenJPEG versions prior to 2.4.0. A specially crafted file triggers an out-of-bounds read in this function, leading to a null pointer dereference [ref_id=1].

What the fix does

The upstream commit at https://github.com/uclouvain/openjpeg/pull/1296/commits/fbd30b064f8f9607d500437b6fedc41431fd6cdc addresses the issue [ref_id=1]. The patch prevents the out-of-bounds read in `opj_tgt_reset` that caused the null pointer dereference, ensuring the function handles crafted input safely.

Preconditions

  • inputThe attacker must supply a specially crafted image file to an application using OpenJPEG.
  • configThe application must process the crafted file through OpenJPEG's t2 encoder.

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7

News mentions

0

No linked articles in our index yet.